SSL failure for non www domain

Hello, first-time poster so please forgive any potential mistakes.

Site name:

I am unable to navigate to the non-www version of my site ( without getting a “this website is not secure” warning. After reading your documentation I found that:

It is possible that we will get a certificate for one name (for example, ) and not for another (for example, or some domain alias). In this case selecting Renew certificate should resolve the issue. If it doesn’t, please post in the Netlify Support Forums so our support engineers can repair the certificate.

I followed the required steps (renewing the SSL certificate) and not only this did not fix the issue, but now I am now unable to renew the certificate because I am getting a " Acme::Client::Error::RateLimited: Error creating new order :: too many failed authorizations recently: see Rate Limits - Let's Encrypt". This even though I renewed the certificate only once, and looking at the last updated date it didn’t even renew successfully.

I am a bit lost on what to do next, hope that somebody can help. Thanks in advance.

Hey @NiccoloGranieri

It appears you do not have the required A record for your apex/root domain configured at per the Configure an apex domain documentation.

You need to have an “ALIAS , ANAME , or flattened CNAME record” pointing to or an A record pointing to

Hey @coelmay, thanks for the super quick response.

I had an A record pointing to until yesterday and I had the exact same issue. I removed it because I thought I did something wrong, and decided to clean-up before posting here.

However, if you think that’s the issue, I’ll re-add the record straight away and hope for the best. Thanks!

Hey @coelmay, DNS changes seem to have propagated (I did a quick check): I can see the A record pointing at However, the problem remains, any suggestions? is loading now, but without SSL. The fix for this is hopefully as simple as pressing the “Renew Certificate” button, see: Site Settings > Domain Management > HTTPS e.g.

Hi @coelmay, as explained in my original post, I cannot renew my certificate because of the error posted. See further screenshot below:

Hi, @NiccoloGranieri. The root cause in this case is an AAAA record pointing to an IP address that Netlify does not control for the apex domain. The DNS record that is cause this is the one below:		14400	IN	AAAA	2001:4b78:1001::1601

If that record is deleted, the SSL for the apex domain can be provisioned once the rate limit at Let’s Encrypt is lifted and the TTL (time to live) on the DNS record above has expired.

There is more information about the rate limits at Let’s Encrypt here:

Quoting that page:

There is a Failed Validation limit of 5 failures per account, per hostname, per hour. This limit is higher on our staging environment, so you can use that environment to debug connectivity problems. Exceeding the Failed Validations limit is reported with the error message too many failed authorizations recently .

To summarize, if you delete the AAAA record above, you should be able to provision SSL about four hours later (because that is how long it will take for the cached record to expire).

After the four hours have passed after deleting the record above, the provisioning should work if you click the “Renew certificate” button found here:

If that doesn’t resolve the issue please let us know.

Hello netlify team i have the same exact and no AAAA record

Could you let us know the domain name in question?

Thank you Hrishikesh, the domain name is

Hey @willnetlify13,

If you visit here: (The check returned by Lets Encrypt), you can see that there were multiple DNS entries that were resolving.

At the moment, your domain is on hold due to rate limits by Lets Encrypt. These limits usually last for a week. So I believe now that you’ve got a correct DNS configuration, you should be able to get the SSL after a week.

great will test and update you on the 1 of June! thanks again!

i got the new certificate on the 1st of June thanks again for the support!

1 Like

Hi, @willnetlify13. Thanks for the follow-up and I’m glad to learn it is working now.